
Hackers target Android Devices with HeroRat malware, says "Stealthcare Cyber Intelligence Alert"

July 2018 by Jeremy Samide, Stealthcare, CEO

Your Android device is now being hit by a new wave of malware attacks—including one you might unsuspectingly download from the Google Play Store, reports Stealthcare in its latest “Cyber Intelligence Alert” delivered weekly to the firm’s cybersecurity and threat assessment clients.

Stealthcare emphasizes threat assessment as an essential cybersecurity component so that organizations can play offense in the increasingly sophisticated cyberwar.

Jeremy Samide, Stealthcare CEO, warns, “Android is an attractive target since it is the dominant operating system globally and many of its users run outdated versions on their smartphones, tablets and other devices. At minimum, update your OS to protect your devices from this and variants we expect to see in the near future.”

Here is how HeroRAT works: “We initially observed the malware HeroRAT being distributed to those wishing to gain control over Android devices. This is a Remote Access Trojan that abuses the Telegram protocol so that hackers can gain command and control (C2) for data exfiltration. By using Telegram for C2 the hackers avoid detection because the traffic is between the user and trusted upload servers.”
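The evasion described above works because Telegram traffic looks legitimate on the wire. The added example below (not from Stealthcare or the alert) sketches one defender-side check for a managed Android fleet: it assumes the C2 channel is the Telegram Bot API over HTTPS (the page only says "Telegram protocol"), that per-app egress logs with a device, package, host and URL path are available, and uses a constructed log sample and a constructed allowlist.

```python
import re
from collections import defaultdict

# Constructed Android egress log (device, package, host, path), one request per
# line. The field layout and every value here are made up for this example.
SAMPLE_LOG = """\
dev-01 org.telegram.messenger telegram-dc.example /
dev-02 com.example.powersaver api.telegram.org /bot123456789:PLACEHOLDER_TOKEN/getUpdates
dev-02 com.example.powersaver api.telegram.org /bot123456789:PLACEHOLDER_TOKEN/getUpdates
dev-02 com.example.powersaver api.telegram.org /bot123456789:PLACEHOLDER_TOKEN/sendDocument
dev-03 com.android.chrome www.example.com /index.html
dev-04 com.corp.alerts api.telegram.org /bot555:PLACEHOLDER_TOKEN/sendMessage
"""

# Apps permitted to drive a Telegram bot from a managed device (assumed allowlist).
ALLOWED_BOT_CLIENTS = {"com.corp.alerts"}

# Bot API URLs have the shape /bot<id>:<token>/<method>; capture bot id and method.
BOT_CALL = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)")

# Rough mapping of Bot API methods to the role they would play in a RAT.
METHOD_ROLE = {"getUpdates": "command polling",
               "sendMessage": "exfiltration", "sendDocument": "exfiltration",
               "sendPhoto": "exfiltration", "sendAudio": "exfiltration"}

def parse_line(line):
    device, package, host, path = line.split()
    return device, package, host, path

def flag_bot_api_c2(log_text):
    """Group Bot API calls per (device, package) for packages not on the allowlist.

    Returns {(device, package): {"bot_id": str, "methods": {method: count},
                                 "roles": sorted list of roles}}.
    """
    findings = defaultdict(lambda: {"bot_id": None, "methods": defaultdict(int), "roles": set()})
    for raw in log_text.strip().splitlines():
        device, package, host, path = parse_line(raw)
        m = BOT_CALL.match(path)
        if host != "api.telegram.org" or not m or package in ALLOWED_BOT_CLIENTS:
            continue
        bot_id, method = m.groups()
        f = findings[(device, package)]
        f["bot_id"] = bot_id
        f["methods"][method] += 1
        f["roles"].add(METHOD_ROLE.get(method, "other"))
    # Plain dicts and sorted lists give stable, comparable output.
    return {k: {"bot_id": v["bot_id"], "methods": dict(v["methods"]),
                "roles": sorted(v["roles"])} for k, v in findings.items()}

if __name__ == "__main__":
    for (device, package), info in flag_bot_api_c2(SAMPLE_LOG).items():
        print(f"{device} {package}: bot {info['bot_id']} {info['methods']} -> {', '.join(info['roles'])}")
```

A package that both polls getUpdates and pushes sendDocument is the pattern worth triaging; the bot id alone is enough to pivot across devices without logging the token.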

Samide, whose Stealthcare introduced a new cybersecurity and threat assessment platform, Zero Day Live, in 2017, warned clients, “Though the malware’s source code is publicly available, disreputable operators offer paid models which include customer support. HeroRAT works on all Android versions but requires the victim to accept permissions that include gaining administrator privileges. The hackers rely on various attack vectors including third-party applications, social media and messaging.”

Samide, who has supported the Department of Defense, the U.S. intelligence community and Federal law enforcement agencies, continues, “Protecting widely deployed operating systems like Android from hackers of all types is not an easy task but we have to take the gloves off and fight back.”

Beware Battery Saver

Additionally, the Advanced Battery Saver application you can download from the Google Play Store is laced with functionality to steal information and silently click advertisements.

“The app propagates via pop-up messages that redirect users to its Play Store landing page. Ironically, it does perform legitimate battery-saving functions,” Samide said, adding, “The ad clicking component is obviously designed to generate revenue for the operators, but it remains unknown how the operators plan to leverage stolen information from the over 60,000 users who have so far been infected.”

Through cyber intel sources, machine learning, tradecraft and other methods, Stealthcare traces malware during its early development to learn when it is going to be traded or sold and how soon it will be weaponized and deployed to those with ill intent. During times of high international tensions, malware attacks often emerge from state actors such as China, North Korea, Iran and Russia as well as from their sympathizers.

According to the Gartner Research Report for Security Leaders, Zero Day Live provides truly anticipatory, content-based, customized intelligence. For example, Stealthcare predicted the ransomware attack on the city of Atlanta in March and the continued evolution and growing sophistication of newer malware strains that became a reality in 2016 and include new self-propagating mutations.
